During research, Cisco's Talos security unit discovered that computers infected with the Angler Exploit Kit were connecting to servers at Limestone Networks, a Dallas hosting provider. Angler encrypts victim machines until the victims pay a sum – a ransom -- to have them decrypted.

Limestone worked with Talos to deliver previously unknown insight into Angler’s data flow, management, and scale. Cisco also collaborated with Level 3 Communications and OpenDNS, a company it is acquiring, to learn more about the activity and devise a defense.

According to the blog, Cisco shut down access for customers by updating products to stop redirects to the Angler proxy servers. The company also released Snort rules to detect and block checks from the health checks, and published protocols and other information so service providers and their customers can protect themselves.

“This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen IP, credit card info and personally identifiable information are generating hundreds of millions of dollars annually,” Cisco stated in the blog post.

This story, "Cisco disrupts $60M ransomware biz" was originally published by
Network World.

Jim Duffy has been covering technology for over 28 years, 23 at Network World. He covers enterprise networking infrastructure, including routers and switches. He also writes The Cisco Connection blog and can be reached on Twitter @Jim_Duffy and at jduffy@nww.com.